@RISK Newsletter for March 28, 2013

The consensus security vulnerability alert.

Vol. 13, Num. 13

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.

CONTENTS:

TOP VULNERABILITY THIS WEEK: A cross-site scripting vulnerability was discovered in the popular Wordpress Wp-Banners-Lite plugin. Given the popularity of using compromised WordPress installations to host malicious content, and the hundreds of thousands of vulnerable sites seen via Google queries at the time of publication, this vulnerability is likely to be used widely by nefarious actors looking to cover their tracks.

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM

Title: Wordpress Wp-Banners-Lite plugin cross-site scripting
Description: A trivially exploitable cross-site scripting vulnerability was discovered this week in the popular Wordpress Wp-Banners-Lite plugin, with details released on the Full-Disclosure mailing list. Administrators of vulnerable systems are urged to patch immediately; however, given the huge numbers of neglected, vulnerable WordPress installations in the wild, and their popularity as launching points for other attacks, system administrators should be more concerned about compromised sites being used to attack their users. In particularly restrictive environments, administrators should consider blocking all WordPress hosted sites.
Reference: http://seclists.org/fulldisclosure/2013/Mar/209
Snort SID: 26263
ClamAV: N/A

Title: MongoDB command injection vulnerability
Description: A fully functional exploit for a newly discovered MongoDB command injection vulnerability was released this week. The issue stems from improper filtering of the “nativeHelper.apply” method, originally created by SpiderMonkey and imported by MongoDB. No patch is currently available; system administrators are urged to filter the command wherever possible.
Reference: http://cxsecurity.com/issue/WLB-2013030212
Snort SID: 26262
ClamAV: N/A

Title: Massive DDoS against Spamhaus reaches 300Gbps
Description: Following a dispute between Dutch hosting provider Cyberbunker and anti-spam group Spamhaus, the latter suffered what initially began as a relatively small - 10 Gbps - DDoS, which escalated over the course of last week to a 300Gbps flood. Anti-DDoS provider CloudFlare noted that the attackers - who have not been conclusively linked to Cyberbunker - were able to generate such huge volumes of traffic by using open DNS resolvers, which can respond to small, spoofed requests with massive floods of data. As a result of this attack - one of the largest ever on the Internet to date - a new project has been announced to locate and fix all of the approximately 27 million such systems on the Internet today.
Reference:
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
http://openresolverproject.org/
Snort SID: Rate-based preprocessor
ClamAV: N/A
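As an added example that is not part of the newsletter: detection logic a resolver operator can run over their own query logs to tell whether the server is answering recursive queries for networks it does not serve (the open-resolver condition described above) and which of those answers are large enough relative to the query to make the server attractive as a reflector. The log format, the served networks and the sample lines are constructed for this example.

```python
# Flag open-resolver behaviour and high-ratio answers in a DNS query log.
# Constructed log format: client RD-flag qtype qname req_bytes resp_bytes
import ipaddress
from collections import defaultdict

# Networks this resolver is meant to serve (assumption for the example).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("2001:db8::/32")]

# Constructed sample log; "RD" means the client asked for recursion.
SAMPLE_LOG = """\
192.0.2.10 RD A www.example.com 45 61
203.0.113.7 RD ANY example.org 43 3223
203.0.113.7 RD ANY example.org 43 3223
198.51.100.9 RD TXT example.net 48 1510
192.0.2.11 RD AAAA mail.example.com 50 78
203.0.113.250 - A www.example.org 44 60
"""

def parse_line(line):
    client, rd, qtype, qname, req, resp = line.split()
    return {"client": ipaddress.ip_address(client), "rd": rd == "RD",
            "qtype": qtype, "qname": qname,
            "req_bytes": int(req), "resp_bytes": int(resp)}

def is_allowed(ip):
    return any(ip in net for net in ALLOWED_NETS)

def analyse(log_text, min_amp=10.0):
    """Return (open_clients, report): external sources that were served
    recursion, and per external client the bytes sent back, query count
    and largest response/request ratio among answers at least min_amp."""
    open_clients = set()
    report = defaultdict(lambda: {"bytes_out": 0, "queries": 0, "max_amp": 0.0})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        q = parse_line(raw)
        if is_allowed(q["client"]):
            continue                      # our own users: recursion is expected
        if q["rd"]:
            open_clients.add(str(q["client"]))  # recursion served to an outsider
        amp = q["resp_bytes"] / q["req_bytes"]
        if amp >= min_amp:                # big answers to small, spoofable queries
            r = report[str(q["client"])]
            r["bytes_out"] += q["resp_bytes"]
            r["queries"] += 1
            r["max_amp"] = max(r["max_amp"], round(amp, 1))
    return sorted(open_clients), dict(report)
```

Any entry in the first list means recursion should be restricted to the served networks; the second list shows which outside clients are already drawing large answers and should be rate limited.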

RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.